Ingo Molnar

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.9.7 **Description** The issue is related to the `vc4 get bcl` function in the VideoCore DRM driver, which fails to set an `errno` value when detecting overflows. This can be exploited by local users to cause a denial of service through incorrect pointer dereferences and OOPS by providing inconsistent size values in a `VC4 SUBMIT CL` ioctl call. **Recommendations** For Linux kernel versions prior to 4.9.7, update to version 4.9.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.19 **Description** The issue is related to the mishandling of counter grouping in the Linux kernel, specifically in the kernel/events/core.c file. This allows local users to gain privileges via a crafted application. The `perf pmu register` and `perf event open` functions are involved in the issue. There is also a mention of a similar issue in the Android operating system, where the vulnerability is related to insufficient access control to certain functions, potentially allowing a remote attacker to elevate privileges using specially crafted applications. **Recommendations** For Linux kernel versions prior to 3.19, update to version 3.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the `perf pmu register` and `perf event open` functions until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.16.13 Description: The issue allows remote attackers to trigger a denial of service, resulting in an infinite loop. This occurs when unknown vectors cause an invalid SCTP chunk size to be processed by the for each sctp chunk function. Recommendations: For versions prior to 2.6.16.13, update to version 2.6.16.13 or later to resolve the issue.